Allow access to port 5281. Proxying to hide the port would be best (eg, use wss://HOST/xmpp-websocket).

If you don't proxy the WS connections, be sure to visit https://HOST:5281/xmpp-websocket first so thatany client certificate requests are fulfilled. Otherwise, connecting to Kaiwa might fail because thebrowser closes the websocket connection if prompted for client certs.

Ports / DNS

By default, You will need to ensure that these ports are open on your server:

5222 (XMPP client to server connections)

5269 (XMPP server to server connections)

5280/5281 HTTP and WebSocket connection (5281 for SSL versions)

3478 UDP (STUN/TURN)

You should also setup DNS SRV records:

_xmpp-client._tcp.HOST 3600 IN SRV 0 10 5222 HOST

_xmpp-server._tcp.HOST 3600 IN SRV 0 10 5269 HOST

If you use the mod_http_altconnect module, Kaiwa will be able to auto-discover the WebSocket connectionendpoint for your server, if you make https://HOST/.well-known/host-meta served by Prosody.

One way to do this is to make Prosody act as your HTTP server. An example nginx config for doing thatis included.